SP// WAF 


Protect your edge. 


STACKPATH 


These days the WWW feels more like WW3. The size, speed and sophistication of 
malicious online activity grows exponentially. Before one threat is identified and 
mitigated, an even fiercer attack puts your application in its sights. Unfortunately, 
protecting your workloads can require so much setup and management and block so 
much access that the protection ends up costing as much as the attacks themselves. 


Lock down your applications and assets without locking out end-users or locking up 
DevOps time. With SP// WAF, you can instantly enable enterprise-class protection 
with little-to-no configuration required. Go further with powerful customization and 
integration options to create and tailor WAF policies and behavior to fit your workloads’ 


unique security needs. 


Consider us your weapon of mass protection. Safeguard work, sanity, and bottom line 


all at once with SP// WAF. 


Use Cases 


» Application Protection 

” Protect internet-connected applications, including 
websites, online games, APIs and SaaS products, with 
little to no additional performance overhead or impact to 
legitimate traffic. 








) Content Protection 

Control access to and protect the value of the content you 
sell or deliver, such as photography, video streams and 
files, audio streams and software packages. 


Benefits 


) High-Precision Threat Identification 

j Unique device-level fingerprinting, diverse DDoS attack 
profiling, and globally synchronized threat detection 
and mitigation reduces false-positives and catches 
sophisticated and emerging threats. 





@ Instant and Easy Setup 

® Built-in policies created by our expert security team 
mitigate the most common and dangerous threats, 
including OWASP Top 10, right out-of-the-box, requiring 
little-to-no configuration. 
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Layer-7 DDoS Attack Mitigation 

Block and resolve application-layer DDoS attacks of 
any size, with unique and comprehensive identification 
technologies and techniques. 





à Virtual Patching 

á Quickly and easily protect newly identified application 
vulnerabilities that have not yet been patched in your 
application source code. 





@® Always Up to Date 

Allow our around-the-clock security experts update built-in 
policies in real-time to address emerging or increasing 
threats identified anywhere in the world, requiring no action 
on your part. 


à Total Customization and Control 

” Built-in policies are easy to toggle on/off or further 
customize. An easy-to-use custom rules engine and robust 
API make it simple to create unique security policies and 
system integrations. 





Ready to get started? Visit stackpath.dev for technical documentation. 1 


Request a demo at stackpath.com or contact us at sales@stackpath.com. 


How it Works 


Deliver your content and use the power of SP// WAF to get to 
your end users securely without comprising on speed. 


Filter, monitor, and block any malicious traffic instantly with 
our continuously updated built-in policies through the WAF 
Intelligence Cluster. Allow valid traffic to be sent straight to the 
originating source. 


Features 


Built-in Policies 

Powerful WAF policies created by our expert team are 
automatically activated for each WAF site you create—with 
no action needed from you or additional cost required— 
addressing vulnerabilities related to: 


e OWASP Top 10 Threats ° Spam and Abuse 


e CSRF Attacks e Irregular Traffic Behavior 

e User Agents e CMS Protection 

e Traffic Sources e Known and Unknown 
Bots 


e Automation and Bot 
Protection ¢ Brute-force Attacks 


£) Customized Rules Engine 


An easy-to-use rules editor lets you create EdgeRules™ 
that enforce your own policies and automate protection 
behaviors, including: 


¢ Perform CAPTCHA 
¢ Browser Validation 


e Rate Limiting 
e Block List IP Addresses 
and Ranges 


e Allow List IP Addresses 
and Ranges 


e Monitoring 


® Device-level Fingerprinting 
Patented device-level fingerprinting technology distinguishes 
individual devices—not just individual IP addresses—to take 
a better look at suspicious traffic and reduce false or missed 
positives from situations, like bad devices using different 
IPs or good devices using “bad” IPs. 
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Ready to get started? Visit stackpath.dev for technical documentation. 


Q 


WAF Intelligence 
Cluster 


ALLOW 
TRAFFIC 


BLOCK 
TRAFFIC 


User Device 
LEGITIMATE 


Protected Content 


or Files 


User Device 
MALICIOUS 


SP// WAF 


Anti-Automation Suite / Bot Traffic Protection 
Patented technology stops malicious activities—like inventory 
lockups, scraping and price stealing—from automated tools 
and bots, identifying and covering tactics and threats 
including: 


e Common Traffic e Automated Clients 


Anomalies e Headless Browsers 


e Domain-specific Traffic 
Anomalies 


© Layer-7 DDoS Attack Mitigation 


Overlapping layers of threshold rules (domain, burst, 
sub-second) recognize application layer DDoS attacks and 
activate the protection of individual or clustered resources, 
while machine-learned models of normal traffic allow good 
traffic through even while DDoS attacks are being mitigated. 


(x) Data & Analytics 
Built-in monitoring and reports provide real-time visibility 
of WAF activity, with all the details of any security event 
available including: 


e Rule triggered e User Agent 

e Action Taken e Client (application) 
e Source IP e Client Type 

e Source Country e Request Headers 


Request a demo at stackpath.com or contact us at sales@stackpath.com. 


